The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). This regulation emphasizes in two important aspects of privacy:
- consent of each individual to have his/her personal data entered into a database controlled by a business/organisation
- obligation by businesses/organisations to safeguard personal data stored in those databases
In the past, both those aspects have been abused by businesses/organisations collecting personal data; individuals not always were asked for consent having their personal details entered in a database, and the security of those data should not be taken for granted.
A third, not widely perceived but equally – if not more – important, aspect is the combination of data provided by each individual with data retrieved by other sources, in order to build a behavioural profile, without the subjects’ consent.
With GDPR, businesses need to make sure that subjects are providing their expicit consent for their personal data are entered into a database, and processed by the data processors.
Some marketers and sales people, are afraid that this is the end of cold calling and cold e-mailing within the EU. And this is simply wrong. Cold calling and cold e-mailing is acceptable and totally legitimate if you cold call the switchboard of a company/organisation, or you send mass e-mail messages to generic e-mail addresses within a company/organisation (e.g. firstname.lastname@example.org). Only when it comes to specific people within a company/organisation, you need to get their explicit consent for contacting them directly – and a way to prove that you actually have received this consent.
If you are an e-business gathering contact details through a form in your website, this is quite easy; people are entering their contact details, knowing you will be contacting them back (provided that you clearly indicate that in your contact form – and even if you currently are not doing this, it’s quite easy to modify your form to comply with this requirement). What happens with other businesses though? Those who do not have a website, or do not have an e-mail marketing service installed on their website, and who most often rely on printed business cards for getting contact details of their prespective customers?
To put it simply, printed business cards are not a GDPR compliant tool. Printed business cards are not meant to carry data on them, that are to be extracted and processed by their recipients. When you receive a printed business card, you still have no right to cold call or cold e-mail the person who handed it to you, unless he/she expicitly tells you to call or send an e-mail to him/her. Even then, you still cannot prove that you have actually received that explicit consent. If, for any reason, the person who handed you his/her business card denies he/she has ever provided you with consent to call or e-mail him/her, you cannot prove the opposite.
Digital business cards in the other hand, would normally cover that. But most digital business cards out there are not. Contact data files generated by the phone or computer of the sender carry no other information on them that can be used as a proof of receipt; only the message they were attached into is sufficient evidence, but who keeps those messages, right? Not to mention that some digital business card apps explicitly mention in their terms of service that they do not receive any kind of consent, by design; both senders and recipients of such digital business cards are exposed.
ScreenTag in the other hand, is the only digital business card that does provide you (whether sender or recipient) with explicit consent, by design; senders of ScreenTag digital business cards are providing their recipients with expilicit consent to be contacted by them, and their recipients are presented the option – should the ScreenTag customer chooses to do so – to enter their personal contact details by explicitly stating that they wish their personal data be entered in the database and be contacted directly by the ScreenTag user.
With GDPR coming in force by the end of May, ScreenTag is not any more just a nice to have gadget; it’s the only tool available today, so you may keep handing out your business cards.